Monthly Archive: May 2020

** DISPUTED ** scikit-learn (aka sklearn) through 0.23.0 can unserialize and execute commands from an untrusted file that is passed to the joblib.load() function, if __reduce__ makes an os.system call. NOTE: third parties dispute...

** DISPUTED ** pandas through 1.0.3 can unserialize and execute commands from an untrusted file that is passed to the read_pickle() function, if __reduce__ makes an os.system call. NOTE: third parties dispute this issue...

MISP MISP-maltego 1.4.4 incorrectly shares a MISP connection across users in a remote-transform use case. Date published : 2020-05-15 https://github.com/MISP/MISP-maltego/commit/3ccde66dab4096ab5663e69f352992cc73e1160b

The VFIO PCI driver in the Linux kernel through 5.6.13 mishandles attempts to access disabled memory space. Date published : 2020-05-15 https://security.netapp.com/advisory/ntap-20200608-0001/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CBEHRQQZTKJTPQFPY3JAO7MQ4JAFEQNW/

Submitty through 20.04.01 allows XSS via upload of an SVG document, as demonstrated by an attack by a Student against a Teaching Fellow. Date published : 2020-05-15 http://packetstormsecurity.com/files/157756/Submitty-20.04.01-Cross-Site-Scripting.html https://github.com/Submitty/Submitty/issues/5266

yaws_config.erl in Yaws through 2.0.2 and/or 2.0.7 loads obsolete TLS ciphers, as demonstrated by ones that allow Sweet32 attacks, if running on an Erlang/OTP virtual machine with a version less than 21.0. Date published...

eQ-3 Homematic Central Control Unit (CCU)2 through 2.51.6 and CCU3 through 3.51.6 allow Remote Code Execution in the JSON API Method ReGa.runScript, by unauthenticated attackers with access to the web interface, due to the...

Cellebrite UFED 5.0 to 7.5.0.845 implements local operating system policies that can be circumvented to obtain a command prompt via the Windows file dialog that is reachable via the Certificate-Based Authentication option of the...

XSS in the admin help system admin/help.html and admin/quicklinks.html in Interchange 4.7.0 through 5.11.x allows remote attackers to steal credentials or data via browser JavaScript. Date published : 2020-05-15 https://www.interchangecommerce.org/i/dev/news?mv_arg=00064 https://www.interchangecommerce.org

SecureCRT before 8.7.2 allows remote attackers to execute arbitrary code via an Integer Overflow and a Buffer Overflow because a banner can trigger a line number to CSI functions that exceeds INT_MAX. Date published...

libfreerdp/core/update.c in FreeRDP versions > 1.1 through 2.0.0-rc4 has an Out-of-bounds Read. Date published : 2020-05-15 https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-97jw-m5w5-xvf9 https://pub.freerdp.com/cve/CVE-2020-11526/pocAnalysis_4.pdf

libfreerdp/cache/bitmap.c in FreeRDP versions > 1.0 through 2.0.0-rc4 has an Out of bounds read. Date published : 2020-05-15 https://github.com/FreeRDP/FreeRDP/pull/6019/commits/58dc36b3c883fd460199cedb6d30e58eba58298c https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-9755-fphh-gmjg

libfreerdp/codec/interleaved.c in FreeRDP versions > 1.0 through 2.0.0-rc4 has an Out-of-bounds Write. Date published : 2020-05-15 https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-cgw8-3mp2-p5qw https://pub.freerdp.com/cve/CVE-2020-11524/pocAnalysis_3.pdf

libfreerdp/gdi/region.c in FreeRDP versions > 1.0 through 2.0.0-rc4 has an Integer Overflow. Date published : 2020-05-15 https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-4qrh-8cp8-4×42 https://pub.freerdp.com/cve/CVE-2020-11523/pocAnalysis_2.pdf